Github user srowen commented on a diff in the pull request:

    https://github.com/apache/spark/pull/19419#discussion_r144483296
  
    --- Diff: docs/configuration.md ---
    @@ -2013,7 +2013,62 @@ Apart from these, the following properties are also 
available, and may be useful
         </tr>
     </table>
     
    +### HTTP Security Headers
     
    +Apache Spark can be configured to include HTTP Headers which aids in 
preventing Cross 
    +Site Scripting (XSS), Cross-Frame Scripting (XFS), MIME-Sniffing and also 
enforces HTTP 
    +Strict Transport Security.
    +
    +<table class="table">
    +    <tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
    +    <tr>
    +        <td><code>spark.ui.xXssProtection</code></td>
    +        <td>None</td>
    +        <td>
    +            Value for HTTP X-XSS-Protection response header. You can 
choose appropriate value 
    +            from below:
    +            <ul>
    +                <li>  0 (Disables XSS filtering)
    --- End diff --
    
    Markdown won't work here? I think it won't. Close the `<li>` tags though. 
It's not clear below what the values the users sets though. The values are `0`, 
`1`, or `1; mode=block` and that should be clear.


---

---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org

Reply via email to